From bc7c9d928fe9b039e841a6b64eacb0a79d7d5dce Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Wed, 26 May 2010 13:30:05 +0200
Subject: [PATCH] Fix radix and stateful detect engine memory leaks.

---
 src/detect-engine-state.c | 12 ++++++------
 src/util-radix-tree.c     | 31 ++++++++++++++++++++++---------
 src/util-radix-tree.h     |  1 -
 3 files changed, 28 insertions(+), 16 deletions(-)

diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c
index aaf35c8e5e..4983103858 100644
--- a/src/detect-engine-state.c
+++ b/src/detect-engine-state.c
@@ -114,7 +114,7 @@ void DetectEngineStateFree(DetectEngineState *state) {
     if (state == NULL)
         return;
 
-    if (state->head == NULL) {
+    if (state->head != NULL) {
         DeStateStoreFree(state->head);
     }
 
@@ -134,7 +134,7 @@ void DetectEngineStateReset(DetectEngineState *state) {
         SCReturn;
     }
 
-    if (state->head == NULL) {
+    if (state->head != NULL) {
         DeStateStoreFree(state->head);
     }
     state->head = NULL;
@@ -453,6 +453,8 @@ continue_where_we_left_off() {
 
 
 #ifdef UNITTESTS
+#include "flow-util.h"
+
 static int DeStateTest01(void) {
     SCLogDebug("sizeof(DetectEngineState)\t\t%"PRIuMAX,
             (uintmax_t)sizeof(DetectEngineState));
@@ -700,7 +702,6 @@ static int DeStateTest04(void) {
     uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */
     uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */
     uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */
-    HtpState *http_state = NULL;
 
     memset(&th_v, 0, sizeof(th_v));
     memset(&p, 0, sizeof(p));
@@ -842,9 +843,8 @@ static int DeStateTest04(void) {
 
     result = 1;
 end:
-    if (http_state != NULL) {
-        HTPStateFree(http_state);
-    }
+    CLEAR_FLOW(&f);
+
     if (det_ctx != NULL) {
         DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
     }
diff --git a/src/util-radix-tree.c b/src/util-radix-tree.c
index ab04c012d0..460e7c6250 100644
--- a/src/util-radix-tree.c
+++ b/src/util-radix-tree.c
@@ -141,8 +141,7 @@ static SCRadixUserData *SCRadixAllocSCRadixUserData(uint8_t netmask, void *user)
 {
     SCRadixUserData *user_data = SCMalloc(sizeof(SCRadixUserData));
     if (user_data == NULL) {
-        SCLogError(SC_ERR_FATAL, "Fatal error encountered in SCRadixAllocSCRadixUserData. Exiting...");
-        exit(EXIT_FAILURE);
+        return NULL;
     }
 
     memset(user_data, 0, sizeof(SCRadixUserData));
@@ -238,11 +237,13 @@ static SCRadixPrefix *SCRadixCreatePrefix(uint8_t *key_stream,
     }
 
     if ( (prefix = SCMalloc(sizeof(SCRadixPrefix))) == NULL)
-        return NULL;
+        goto error;
+
     memset(prefix, 0, sizeof(SCRadixPrefix));
 
     if ( (prefix->stream = SCMalloc(key_bitlen / 8)) == NULL)
-        return NULL;
+        goto error;
+
     memset(prefix->stream, 0, key_bitlen / 8);
 
     memcpy(prefix->stream, key_stream, key_bitlen / 8);
@@ -250,6 +251,13 @@ static SCRadixPrefix *SCRadixCreatePrefix(uint8_t *key_stream,
     prefix->user_data = SCRadixAllocSCRadixUserData(netmask, user);
 
     return prefix;
+
+error:
+    if (prefix != NULL) {
+        SCFree(prefix);
+    }
+
+    return NULL;
 }
 
 /**
@@ -477,6 +485,10 @@ static void SCRadixReleaseNode(SCRadixNode *node, SCRadixTree *tree)
 {
     if (node != NULL) {
         SCRadixReleasePrefix(node->prefix, tree);
+
+        if (node->netmasks != NULL)
+            SCFree(node->netmasks);
+
         SCFree(node);
     }
 
@@ -577,6 +589,11 @@ static SCRadixNode *SCRadixAddKey(uint8_t *key_stream, uint16_t key_bitlen,
     int j = 0;
     int temp = 0;
 
+    if (tree == NULL) {
+        SCLogError(SC_ERR_INVALID_ARGUMENT, "Argument \"tree\" NULL");
+        return NULL;
+    }
+
     /* chop the ip address against a netmask */
     SCRadixChopIPAddressAgainstNetmask(key_stream, netmask, key_bitlen);
 
@@ -586,11 +603,6 @@ static SCRadixNode *SCRadixAddKey(uint8_t *key_stream, uint16_t key_bitlen,
         return NULL;
     }
 
-    if (tree == NULL) {
-        SCLogError(SC_ERR_INVALID_ARGUMENT, "Argument \"tree\" NULL");
-        return NULL;
-    }
-
     /* the very first element in the radix tree */
     if (tree->head == NULL) {
         node = SCRadixCreateNode();
@@ -599,6 +611,7 @@ static SCRadixNode *SCRadixAddKey(uint8_t *key_stream, uint16_t key_bitlen,
         tree->head = node;
         if (netmask == 255 || (netmask == 32 && key_bitlen == 32) || (netmask == 128 && key_bitlen == 128))
             return node;
+
         /* if we have reached here, we are actually having a proper netblock in
          * our hand(i.e. < 32 for ipv4 and < 128 for ipv6).  Add the netmask for
          * this node.  The reason we add netmasks other than 32 and 128, is
diff --git a/src/util-radix-tree.h b/src/util-radix-tree.h
index cd33e5af19..31a8c62b16 100644
--- a/src/util-radix-tree.h
+++ b/src/util-radix-tree.h
@@ -148,5 +148,4 @@ void SCRadixPrintNodeInfo(SCRadixNode *, int,  void (*PrintData)(void*));
 
 void SCRadixRegisterTests(void);
 
-
 #endif /* __UTIL_RADIX_TREE_H__ */